Digital forensics deals with the analysis of artifacts on all types of digital devices. One of the most prevalent analysis techniques performed is that of the registry hives contained in Microsoft Windows operating systems. Registry Decoder was developed with the purpose of providing a single tool for the acquisition, analysis, and reporting of registry contents.
0bf122d130ac2701097efb0279ea1770e47de47890bfe248c6efa066170e445eSecunia Security Advisory - A vulnerability has been reported in IBM WebSphere Service Registry and Repository, which can be exploited by malicious people to conduct script insertion attacks.
ce1550069596eaa7ff73bcee52dfee54874c8c09112cfbfd63df226fca87dc48Iconics GENESIS32 version 9.21.201.01 suffers from an integer overflow vulnerability. The GenBroker service on port 38080 is affected by three integer overflow vulnerabilities while handling opcode 0x4b0, which is caused by abusing the the memory allocations needed for the number of elements passed by the client. This results unexpected behaviors such as direct registry calls, memory location calls, or arbitrary remote code execution. Please note that in order to ensure reliability, this exploit will try to open calc (hidden), inject itself into the process, and then open up a shell session. Also, DEP bypass is supported.
7bae29e02d02057cc61741efd202ae99da696fffbf3d953322faa7fcd5294a22This Metasploit module takes advantage of the default configuration of the RMI Registry and RMI Activation services, which allow loading classes from any remote (HTTP) URL. As it invokes a method in the RMI Distributed Garbage Collector which is available via every RMI endpoint, it can be used against both rmiregistry and rmid, and against most other (custom) RMI endpoints as well. Note that it does not work against Java Management Extension (JMX) ports since those do not support remote class loading, unless another RMI endpoint is active in the same Java process. RMI method calls do not support or require any sort of authentication.
74cc3c759347106de31d2f7d447682b88481649a9cdcb47556ef3dc90a7223aeDell IT Assistant detectIESettingsForITA.ocx Active-X control readRegVal() remote registry dump exploit.
972fe47b27217c4fe43b9ab5056484e368ca06d298659a3290fa514440134e4eGrokEVT is a collection of scripts for reading Windows event log files on Unix. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.
a9e74aee34e5e451e2940487fc84fcd51ac0c986e96b1681ec9218bf74a94829RegLookup is a small command line utility for parsing and searching registry files from Windows NT and later.
c9123786bc1be1a714c59e2fabae693d434698ce4d3fc44847cb847bff26b686RegLookup is a small command line utility for parsing and searching registry files from Windows NT and later.
b7ae9e5c13f949ef958da4cba741067516bbc4c2800e033ff0d6ad4506945406This windows binary is a lightweight tool for removing strings in the Windows registry.
930084f1b07b611ad257a6cfe7c757a97c1013ed722666b27d57b5aa114e5604Secunia Security Advisory - A vulnerability has been reported in IBM WebSphere Service Registry and Repository, which can be exploited by malicious people to bypass certain security restrictions.
f4c441bb1c2dd6767bc1e9625817395024182d88e4388acde8d4ddfa3d04c4c0SmartFTP version 4.0.1142.0, Speak Aloud, The GodFather version 0.80, Vip Rumor Player version 3.7 and Wise Registry Cleaner DLL hijacking exploit.
0a8c2d9a9b6b25e76828d4528d063bf6d6e6d75f8d9314b1a6682e9bf35411b7Zero Day Initiative Advisory 10-145 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks Remote Management. Access to a single node with Remote Management client installed and configured is required. The specific flaw exists within the storage of Remote Management authentication information on the client. The client utilizes a password stored in the registry that is common among all nodes. This can be exploited by an attacker to execute remote code on any target with the client installed.
8ca0a2ed35cf8c12d8928288cf8e2cccd425210d6feb2ab5d311442100603476Secunia Security Advisory - Two vulnerabilities have been reported in IBM WebSphere Service Registry and Repository, which can be exploited by malicious people to conduct cross-site scripting attacks.
79cf987873529f97ed8f7b4230964a59228d028873e9e1491052426c3d94a910HP Security Bulletin - Potential security vulnerabilities have been identified with HP SOA Registry Foundation. The vulnerabilities could be exploited remotely to gain unauthorized access to data, for cross site scripting (XSS), or to escalate privileges.
bbda352244788e6afcab64cbca7d44c84fac053e9dc79db7d466c06de38d3c1eSecunia Security Advisory - Multiple vulnerabilities have been reported in HP SOA Registry Foundation, which can be exploited by malicious users to gain escalated privileges and by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.
1612622b14a877fed699f4406f0eefb5e0ea84611779fe95a94b3aa2afd705d4RegLookup is a small command line utility for parsing and searching registry files from Windows NT and later.
2efcef5aae5418aac5d3ebe7af46e05349622d4e16ab73186e38b6c28762a94eThis registry code allows any terminal client access to a Terminal Server. It bypasses the Microsoft "Terminal Server License" and allows the client to create a session on the server without a CAL (Client Access License) or MS Open License. It works on WinNT, Win2000, Win2003 server and Win2008 server.
9cec54ca3bf48377115aba5d8a681eeb8b070d26a3b7949518b42ec39e09b6cbThis Metasploit module exploits a registry-based stack overflow in the Windows Routing and Remote Access Service. Since the service is hosted inside svchost.exe, a failed exploit attempt can cause other system services to fail as well. A valid username and password is required to exploit this flaw on Windows 2000. When attacking XP SP1, the SMBPIPE option needs to be set to 'SRVSVC'. Exploiting this flaw involves two distinct steps - creating the registry key and then triggering an overwrite based on a read of this key. Once the key is created, it cannot be recreated. This means that for any given system, you only get one chance to exploit this flaw. Picking the wrong target will require a manual removal of the following registry key before you can try again: HKEY_USERS\\\\.DEFAULT\\\\Software\\\\Microsoft\\\\RAS Phonebook
23ee569235c3874d89c2c84da0e57b5ca0d9fd9d118297399485cee1eebf336bMandriva Linux Security Advisory 2009-042 - Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name. This update provides samba 3.2.7 to address this issue.
efb5f8b23c9eedd417563c173288af30bba7270229333d7b3a27d00d1092a230Ubuntu Security Notice USN-702-1 - Gunter Hockel discovered that Samba with registry shares enabled did not properly validate share names. An authenticated user could gain access to the root filesystem by using an older version of smbclient and specifying an empty string as a share name. This is only an issue if registry shares are enabled on the server by setting "registry shares = yes", "include = registry", or "config backend = registry", which is not the default.
1f54398ec952d4b39f2110cd81591e592bacac95220038e4c096a6ab8d8ae1baHummingbird Deployment Wizard 2008 with DeployRun.dll versions 10.0.0.44 and below suffer from a registry value creation/change vulnerability.
64592e90a4355f468b611c04f4d156ae3760bf75c7dc2e15f12730716ebb6192GrokEVT is a collection of scripts for reading Windows event log files on Unix. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.
01a6114fa008aabd4c84b5eb4af2b43ecb2816c9a7e5408de54d5507d0bf83abRegistry Pro remote insecure method exploit that makes use of epRegPro.ocx.
7df90c5d8e874b8e50220298a3d3d4af0261dd70bd90d1efa150baef96a938bdExploit that demonstrates how the manipulation of a registry key in Microsoft Windows XP SP2 can disable the taskmanager.
72924758a2cd7b2bee11688185242cfe21c6a2f799feebfdf44715eaa66f897bcreddump is a python tool to extract various credentials and secrets from Windows registry hives. It currently extracts LM and NT hashes (SYSKEY protected), cached domain passwords, and LSA secrets. It essentially performs all the functions that bkhive/samdump2, cachedump, and lsadump2 do, but in a platform-independent way.
374120593faeda9eec711d4116574781a467e1b5a0057fa090a5b58d4a9c029e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed